Integration
Guardrails & injection defense for MCP servers
MCP connects your agent to third-party tools – and third-party tools to your agent. The gateway integration puts enforcement in the middle of that conversation: register a downstream server, route your client through the gateway URL, and every tools/call is inspected before it is forwarded.
Because the gateway speaks MCP itself, its decisions bind: a denied call is a JSON-RPC error the client cannot treat as advisory, because the forwarded call never happened. Results are injection-scanned before your agent’s context sees them, and the server’s tool manifest is pinned at registration – if it drifts later, that is a manifest_changed violation, not a silent rug pull.
1. Register the server
Add the downstream MCP server in the Keys tab. Its tool manifest is fetched and pinned at registration.
2. Repoint the client
Configure your MCP client to call the gateway URL for that server instead of the server directly. No client code changes – it is still MCP.
3. Set the policy
The same tool policy, permission tiers, grounding, and taint rules that govern the LLM boundary apply to gateway calls – configure once, enforced on both surfaces.
4. Watch for drift
A changed manifest – new tool, altered description – flags as manifest_changed before further calls forward. Review and re-pin deliberately, or cut the server off.
Why not just enforce in the MCP client?
The client is the compromised party in the main attack scenarios – the model deciding whether a call is safe is the model the poisoned tool description just steered. The gateway enforces where the traffic flows, outside the agent’s influence.
Does the gateway work with any MCP server?
It fronts servers you register and speaks standard MCP to clients. If your client can point at a URL per server, it can point at the gateway.
What gets scanned in results?
The returned content is treated as untrusted input and run through the injection scan – patterns plus classifier – before your agent reads it. Flag in FIX, block in PREVENT.
How do gateway calls relate to the LLM-side view?
Same run, same ledger: gateway calls, model requests, and checkpoint decisions correlate by session and land in one run graph with one cost total and one audit trail.
Put a trust boundary on your MCP tools
Front your MCP servers with the gateway - tools/call inspected, results scanned, manifests pinned against rug-pulls. We are running a limited demo - sign up and we will get you in as soon as we can.